• Information and Communications Magazine
• /
• v.33 no.12
• /
• pp.3-11
• /
• 2016

본고에서는 최근 가장 주목 받고 있는 연구 분야 중 하나인 사물인터넷(Internet of Things, IoT)을 위한 Domain Name System(DNS) 네이밍 서비스 기술동향에 대해 소개한다. IoT 환경에서 IoT 디바이스를 관리하기 위해 DNS 네임을 일일이 수동적으로 설정하는 것은 비효율적이다. 따라서 본고에서는 IoT 환경에서 수많은 IoT 디바이스의 관리를 위한 IoT 디바이스의 DNS 네임 자동설정 및 네이밍 서비스 기술에 대해 소개하고 분석한다. 본고에서 소개하는 IoT 네이밍 서비스 기술은 Internet Engineering Task Force(IETF)에서 제정된 표준 프로토콜을 이용하므로 구현이 용이하고 성능적인 면에서도 우수하다. IoT 디바이스의 DNS 네임이 사용자들에게 가독성 있으면서도 기계적으로 파싱이 용이하면 IoT 디바이스 관리를 효과적으로 수행할 수 있다. 즉 설정된 IoT 디바이스 DNS 네임으로 인터넷 사용자가 스마트폰과 태블릿과 같은 모바일 스마트 디바이스로 IoT 디바이스를 원격에서 모니터링 및 원격제어 할 수 있다. 본고에서는 IoT 디바이스에 연관된 네이밍 서비스 기술들을 비교 분석하고, 본 저자가 제안하는 IoT 디바이스 DNS 네이밍 기술을 소개하고자 한다.

• The Transactions of the Korea Information Processing Society
• /
• v.5 no.7
• /
• pp.1855-1862
• /
• 1998

An Internet user obtains an IP address from DNS to access the host. But, Korean users must use English word order Domain that is not convenient for them. All existing systems have the reverse of the Korean word order and that is the obstacle to the spreading of Internet. So, the necessity of a Korean name system that well suited for Korean Internet user is increasing. In order to operate the proposed Korean Domain System with existing Domain Name Systems, we build a Korean to English transformation rule and Korean Domain Name composition rule. Also, we designed a STHOP for Korean word order processing. In a STROP, a SLDF transform a Korean SLD into English SLD, and a NFDNG makes this as an English word order. By using Korean Domain Name System proposed here, users could understand the embedded meaning of Domain Name with ease, and reluctance of Domain registration caused by similarity of organization names would be solved, Consequently. it could devote to the popularization of the Internet.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.8
• /
• pp.3501-3518
• /
• 2020

The method of DNS data collection is one of the most important parts of DNS simulation. DNS data contains a lot of information. When it comes to analyzing the DNS security issues by simulation on the cyber range with customized features, we only need some of them, such as IP address, domain name information, etc. Therefore, the data we need are supposed to be light-weighted and easy to manipulate. Many researchers have designed different schemes to obtain their datasets, such as LDplayer and Thales system. However, existing solutions consume excessive computational resources, which are not necessary for DNS security simulation. In this paper, we propose a light-weighted active data collection method to prepare the datasets for DNS simulation on cyber range. We evaluate the performance of the method and prove that it can collect DNS data in a short time and store the collected data at a lower storage cost. In addition, we give two examples to illustrate how our method can be used in a variety of applications.

• The Journal of Engineering Research
• /
• v.6 no.2
• /
• pp.125-130
• /
• 2004

In the current Internet, IP addresses does not support Mobility and Multi-homming because it depend on their topological location. To resolve these problems, IETF hip WG introduces Host Identity Protocol that separates the endpoint identifier and locator roles of IP addresses. However the DNS that was presented for the HIP had only a part of the expansion design from the existing DNS function, so it was not an absolute complete method. This paper propose how the dymanic DNS has been designed so that it support the HIP completely. We added the Host Identity Namespace and the Rendezvous Server Namespace, defined the new PRs in DNS.

• ETRI Journal
• /
• v.43 no.1
• /
• pp.40-52
• /
• 2021

DNS (Domain Name System) tunnels almost obscure the true network activities of users, which makes it challenging for the gateway or censorship equipment to identify malicious or unpermitted network behaviors. An efficient way to address this problem is to conduct a temporal-spatial analysis on the tunnel traffic. Nevertheless, current studies on this topic limit the DNS tunnel to those with a single protocol, whereas more than one protocol may be used simultaneously. In this paper, we concentrate on the refined identification of two protocols mixed in a DNS tunnel. A feature set is first derived from DNS query and response flows, which is incorporated with deep neural networks to construct a regression model. We benchmark the proposed method with captured DNS tunnel traffic, the experimental results show that the proposed scheme can achieve identification accuracy of more than 90%. To the best of our knowledge, the proposed scheme is the first to estimate the ratios of two mixed protocols in DNS tunnels.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2000.10b
• /
• pp.1169-1172
• /
• 2000

본 논문에서는 X.509와 DNS를 연관하여 Kerberos를 기반으로 분산 인증 알고리즘을 제안한다. Kerberos 에서는 영역간의 서비스에 대하여 언급을 하지 않았기 때문에 영역간 인증은 X.509와 Domain Name System(DNS)를 사용하여 얻을 수 있는 체인에 의해서 수행하는 PKINIT를 통하여 이루어진다. 두 개의 프로토콜은 상이한 키 관리 방식을 갖고 있는데 Kerberos는 공통키에 기반을 두고 있는 반면에 X,509는 공개키 방식에 기반을 두고 있으므로 이들을 상호 연동시키기 위해 연결 세션은 Directory Service(DS)를 이용하였고, 실제적인 인증을 위해서는 Kerberos를 적용하였다. 새로운 알고리즘은 통신복잡도의 관점에서 고찰하면 IETF CAT 그룹에서 제안한 알고리즘을 개선하였다.

• Proceedings of the IEEK Conference
• /
• 2006.06a
• /
• pp.829-830
• /
• 2006

A distributed web caching system can transmit information to a user quickly and stably, avoiding a congested internet network by storing and later supplying requested content to a cache that is distributed and shared like a proxy server. This paper proposes a client-based distributed web caching system that assigns an object and controls the load using a user's direct connection to shared caches, without the aid of additional domain name system (DNS) requests. The proposed system simplifies information transmission by reducing both DNS queries and delay time.

• Journal of Korea Society of Industrial Information Systems
• /
• v.8 no.3
• /
• pp.69-75
• /
• 2003

NAPRT(Naming Authority Pointer) is a type of resource record specified in IETF RFC 2915. NAPTR enables to register various services in the Domain Name Systems and thus provides a way to discover services available on specific hosts. This paper describes the design and implementation of a Proxy DNS system aimed at supporting NAPTRs. The goal of this work is to study on the feasibility of the service discovery registered in DNS via NAPTR records and provides the result for simplicity and extensibility of implementation through the implementation of a actual Test-bed system This research result can be applied to service discovery in the resource information management for high performance GRE environments as well as to the implementation of DNS infrastructure for the ENUM.

• Review of Korean Society for Internet Information
• /
• v.14 no.3
• /
• pp.5-20
• /
• 2013

ICANN has been governing the Domain Name System(DNS) "technically" since 1998. The architecture is called Internet Governance, and it brings about many different discourses; "What does that govern?", "Who delegate its role to ICANN?"," How could the regime ensure fairness?" etc. This article will analyze on Internet Governance by applying the government approach of Foucault, and try to compare two parts, the 'core' and the 'edge' of Internet Governance for method. Whereas the 'core' of it refers the site that be governed by the formal contract directly, the 'edge' as the rest of it means informal friendly relations with ICANN. The 'core' rule was stemmed from technological community such as IAB or IETF historically. They had invented new world and its population to integrate the technical order as protocol and the semiotic order as language, that be based on new government mode. On the other hand, ".KR" domain, one of the 'edges', has been evolved into more heterogeneous system, through contest and conflict between traditional state and Internet Governance. The governed object of ".KR" domain is situated in the crossing of each other the 'protocol user', the 'language-semiotic user' and the' geographical resident'. Here the 'geographical resident' rule was weird for DNS, so that shows the internal lack of Internet Governance. It needs to move to the concept of 'Hangeul(Korean-language) user' rather than the 'geographical resident'.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.3B
• /
• pp.375-390
• /
• 2004

Domain Name System(DNS), one of the most important Internet services, handles mapping from host names to Internet addresses and vice versa, and precedes many Internet applications such as Web, e-mail, file transfer, etc. In this paper, we propose a structural design of a generic name server system providing name services for a huge domain for the purpose of improving the performance as well as the reliability of the system. We demonstrate the validity of the design by implementing and running a testbed system. Our testbed employs a couple of master name sowers for distributing the service overhead over two, rather than one, servers and for achieving high availability of the system as a whole. We suggest the use of dynamic update to add and delete records from a zone for which the name server has authority. The slave name servers located remotely then get a new, updated copy of the zone via incremental zone transfers(IXFRs). The experiments with the implemented testbed show that the proposed structure would easily manage increasing demands on the server power, and be highly available in the face of transient faults of a module in the system.